From 9bae4c305a20eb0ca659ffaf9ff50bcdb5fbda3c Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sat, 29 Oct 2022 23:15:08 +0200
Subject: [PATCH] Add osslvault filter

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 .gitconfig               |  5 +++++
 bin/git-filter-osslvault | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100755 bin/git-filter-osslvault

diff --git a/.gitconfig b/.gitconfig
index 7f0b64d..9f9427a 100644
--- a/.gitconfig
+++ b/.gitconfig
@@ -36,6 +36,11 @@ required = true
 clean = git-lfs clean -- %f
 smudge = git-lfs smudge -- %f
 
+[filter "osslvault"]
+clean = git-filter-osslvault -f %f clean
+smudge = git-filter-osslvault smudge
+required = true
+
 [gpg]
 program = gpg2
 
diff --git a/bin/git-filter-osslvault b/bin/git-filter-osslvault
new file mode 100755
index 0000000..e5b045a
--- /dev/null
+++ b/bin/git-filter-osslvault
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+source ~/bin/script_framework.sh
+
+function usage() { fatal "Usage: $0 -f <hash-filename> <clean|smudge>"; }
+
+check_utils \
+  openssl \
+  sha256sum \
+  vault
+
+passkey="secret/osslvault/$(basename $(pwd))"
+salt=""
+
+while getopts ":f:k:" o; do
+  case "${o}" in
+  f) salt="$(sha256sum ${OPTARG} | cut -d ' ' -f 1)" ;;
+  k) passkey="${OPTARG}" ;;
+  *) usage ;;
+  esac
+done
+shift $((OPTIND - 1))
+
+pass="$(vault read -field=pass "${passkey}")"
+[[ -n $pass ]] || fatal "Password not found."
+
+case ${1:-_invalid} in
+clean)
+  [[ -n $salt ]] || fatal "Missing paramter -f"
+  openssl enc -k ${pass} -S ${salt} -pbkdf2 -e -a
+  ;;
+smudge)
+  openssl enc -k ${pass} -pbkdf2 -d -a
+  ;;
+*)
+  usage
+  ;;
+esac